
Comment Re:ipv6 incompetence is nothing new. (Score 1) 65

Excellent! This is the way it should be done (firewall part aside). A globally routable IP address per machine is the dream!

Even if you accept that's a good idea; that doesn't actually require 128 bits, 40 would give us a trillion addresses, ~140 each. (That assumes we're all equal and the population is stable. The former is clearly false, though population is expected to peak at less than 10 billion.) Given the impossibility of everyone having US lifestyles, 1 trillion addresses is effectively unlimited, you don't actually need enough to address every atom in the observable universe.

I would not agree with you here. The motivation is a larger address pool.

IPv6 is always sold as being security aware, it just manages to fail at that as well. A rational person would say that it needs a redesign now to BE secure before widespread adoption is forced by exhaustion... (though if you put a $1/year cost on IP addresses we'd all of a sudden be awash in the damn things and businesses wouldn't have a /16 to support an office with zero servers in it...)

Comment Re:The publisher does not get paid faster on pre o (Score 1) 223

Getting the money before release isn't really the issue.

Getting the money before people know what an unholy broken dog your product is, that's the issue.

Publishers discovered that they could guarantee X million dollars of revenue on day one, AND that the return rate wasn't purely based on it working on day one because people have a lot of inertia and would wait a few days to be reassured that their problems were being addressed and a patch was forthcoming "soon". They also discovered that advertising spend, empty promises of bonus content, the ability to download early, and in-game progression systems that reward jump starting on others meant they could massively increase the day one sales on digital download as well.

What they couldn't do was upset their shareholders and blow revenue forecasts and not release, so if it's horribly broken, it ships. Even if it didn't even start on half the systems out there, it wouldn't affect that quarter's revenue, and that's what's most important.

Not that anything's going to change, the people writing these articles aren't the teenagers who are proving the MBA scumbags right.

Comment Re:Many are already using HTTPS and IPv6 (Score 1, Insightful) 111

OK, but explain to me why https://www.nasa.gov/ needs SSL/TLS at all, including the ongoing costs to maintain certificates and infrastructure, when it's a purely informational site?

It's like insisting that posters of cars should be retrofitted with air-bags and collision detection.

Comment Re:Obligatory (Score 1) 116

Nope, to all that.

Effect is entirely the issue. The effort required to ensure this kind of thing *NEVER* happens is entirely disproportionate to the effort required to ensure that there is nothing of real value on an internet accessible server (or from it).

Furthermore, a DNS attack that re-delegates the domain to different DNS servers would mean everyone (other than internal users that wouldn't be using public DNS servers) would see the affected page, which is what they want, "how" is entirely irrelevant to the attackers. It's still news, it would still be covered, and it would be harder to resolve as quickly as taking the server offline as soon as the monitoring detected the change.

The "private DNS system" isn't accessible publicly either, or it's just another attack surface

What some jerkoff sees when he connects to your system is one thing. What actually happened to your systems is another.

Exactly, and when you're the Military "your systems" are those on the high security network, not a poster you hung up outside, which neatly takes us back to XKCD.

Comment Re:Obligatory (Score 1) 116

You can still hack that, just need to go after the DNS server instead.

And yes, Government rank reputation very highly when you do a risk review, but IFF there was anything on this server that wasn't UNCLASSIFIED:For Public Release, then there was *already* a breach.

Experience with some corporate wanker does not reflect the way the military/government do security at all.

Comment Re:Obligatory (Score 2) 116

Yeah, that's exactly what that XKCD is saying. They got at an externally hosted server that would have occasionally been accessed FROM a (more, but not highly) secure .mil network, but doesn't have any access TO any .mil network.

It's about as significant as shitting through a recruiting office letterbox in a mall.

Comment Re:IPv6 shortcomings? (Score 1) 595

Perhaps because Bob Homeowner *might* be able to manage one IP address and the associated firewall, but to maintain an IPv6 firewall across an arbitrary address space for fixed/wireless and guest devices would make his head implode?

We could have gone with mapping current IPv4 address as the least significant bits of a larger space and had no need at all to change any existing addressing (10.0.0.1 == 0.0.0.0.10.0.0.1 for example, instead of 0:0:0:0:0:ffff:a00:1). Yes, IPv6 has 2^64 more addresses than what I propose, but we don't need a unique address for every atom of the universe.

If you want to know why IPv6 is such a failure, look up Esperanto, it's technically better than its predecessors too (and had over a century head start).

Comment Re:Loud then quit (Score 4, Insightful) 468

^ that's complete bullshit.

Surround is tuned for theatres, and you don't care that it's loud when the music/explosions are going off and quiet for dialogue because you don't have a child sleeping in the next room in the theatre. It's not that the music/explosions are painfully loud at home, it's that they're still too damn loud for night viewing with children/neighbours/etc.
